before 18.104.22.168, and SeaMonkey before 1.1.17 allows remote attackers
to cause a denial of service (memory corruption and application crash)
or possibly execute arbitrary code via vectors related to (1)
js_LeaveSharpObject, (2) ParseXMLSource, and (3) a certain assertion
in jsinterp.c; and other vectors.